[Samba] net rpc rights grant: NT_STATUS_ACCESS_DENIED

Ryan Suarez ryan.suarez at sheridanc.on.ca
Tue Sep 8 17:08:16 MDT 2009

Adam Nielsen wrote:
>> Use 'net sam' to add the user in question to the BUILTIN\Administrators
>> group on your Samba host.
>>> # /usr/local/samba/bin/net rpc rights grant testpc1
>>> SePrintOperatorPrivilege -U testpc1
>>> Failed to grant privileges for testpc1 (NT_STATUS_ACCESS_DENIED)
> Oh, so does 'net rpc' in this case connect to the local machine?  i.e.
> it has nothing to do with Active Directory?
> I was under the impression that it modified the permissions on the
> Active Directory object, not what the local Samba instance would allow
> or deny - my apologies!

Well, I wasn't actually able to run the net rpc rights grant.  I was 
still getting the access denied errors.  Instead, I just added testpc1 
as a member of the local Builtin/Administrators group which has all the 
rpc rights by default.

So it's still a valid question.  Does net rpc rights grant for the user 
edit the Active Directory object?

More information about the samba mailing list